
Security daily (07-10-2020)

10 additional AWS services authorized at DoD Impact Level 6 for the AWS Secret Region

The Defense Information Systems Agency (DISA) has authorized 10 additional AWS services in the AWS Secret Region for production workloads at the Department of Defense (DoD) Impact Level (IL) 6 under the DoD’s Cloud Computing Security Requirements Guide (DoD CC SRG). With this authorization at DoD IL 6, DoD Mission Owners can process classified and […] (AWS Security Blog)

SEC settles with trader accused of illegal trades using hacked data

The U.S. Securities and Exchange Commission agreed to settle charges with one of the traders who relied on hacked data from an SEC company filing system to collectively make millions of dollars, the agency said in a federal court filing on Wednesday. The SEC settlement includes both Sungjin Cho, the trader, and Kyungja Cho, his mother. Sungjin Cho made 66 illegal trades under his own name relying on the hacked information, and placed or directed four more under accounts in his mother’s name, according to the original complaint. Last year, the SEC and Justice Department filed charges against alleged hackers and the group of traders whom they said benefited from the scheme dating back to 2016 to steal secrets from EDGAR. EDGAR is a filing system for public companies that sometimes contains information that has not yet been made public. The scheme netted at least $4.1 million for the traders, according to the SEC. Among the […] The post SEC settles with trader accused of illegal trades using hacked data appeared first on CyberScoop. (CyberScoop)

Hacker-for-hire group leverages zero-days, disinformation in Middle East

An “elusive” hacking-for-hire operation is behind a series of campaigns that exploit unknown software flaws, malicious applications, and disinformation efforts, according to BlackBerry research published Wednesday. The group, named “Bahamut,” is responsible for dozens of malicious applications that have been available in the Google’s Play store and Apple’s iOS marketplace, according to the BlackBerry research. Researchers say they believe Bahamut has used these applications to track surveillance targets, which are primarily located in the Middle East and South Asia, according to the report, which does not name the group’s suspected origins. Bahamut’s targets could offer some clues about its clientele. Bahamut has targeted government entities in the United Arab Emirates, Pakistani military officials, Sikh separatists in India, Indian business executives, and Saudi Arabian diplomats, according to a Reuters investigation. The independent journalism outlet Bellingcat also examined Bahamut’s activities in 2017. BlackBerry’s findings on the mercenary group are a reminder that malicious actors who want to disguise their […] The post Hacker-for-hire group leverages zero-days, disinformation in Middle East appeared first on CyberScoop. (CyberScoop)

Hackers exploit Trump's COVID-19 diagnosis to spread a different kind of virus

Opportunistic hackers have seized on President Donald Trump’s illness from COVID-19 to fool email recipients into clicking on malware, researchers found, in what was a quick turnaround from the news that dominated the weekend and beyond. Proofpoint said it had detected an active, “medium volume” email campaign on Wednesday sent to several hundred U.S. and Canadian organizations. The messages are designed to bamboozle victims into downloading the BazaLoader backdoor, a kind of trojan commonly linked to the developers of the TrickBot hacking tool. Scammers frequently seize on major news events to try duping victims into providing access to their sensitive data. The apparent TrickBot gang email campaign comes less than a week after Proofpoint highlighted another that swiped Democratic National Committee website language in a bid to infect potential party volunteers. In this case, emails contain subject lines like “Recent materials pertaining to the president’s illness.” The body of the messages contain a hyperlink to an attached […] The post Hackers exploit Trump's COVID-19 diagnosis to spread a different kind of virus appeared first on CyberScoop. (CyberScoop)

Chinese hackers suspected in cyber-espionage operation against Russia, India

Chinese government-linked hackers are suspected to be behind an ongoing global cyber-espionage campaign that U.S. officials are actively tracking, CyberScoop has learned. Malicious software used in the campaign, which the departments of Defense and Homeland Security have dubbed “SlothfulMedia,” is linked with “high confidence” to the Chinese government, according to one U.S. government official. Another U.S. government source said the hackers are suspected of having ties to Beijing, while a third government official described the group as operating a concerted hacking campaign based in China. Each person spoke with CyberScoop on the condition of anonymity because they were not authorized to speak to the media. The advisory is part of a broader effort to expose foreign hacking, including from China, to help protect American companies, two of the U.S. officials said. “This was a high-value disclosure because it demonstrates China’s targeting of Russian targets,” said one U.S. government source. The revelation comes after U.S. Cyber Command, the Pentagon’s […] The post Chinese hackers suspected in cyber-espionage operation against Russia, India appeared first on CyberScoop. (CyberScoop)

How to Use Gtfo to Search for Abusable Binaries During Post-Exploitation

GTFOBins and LOLBAS are projects with the goal of documenting native binaries that can be abused and exploited by attackers on Unix and Windows systems, respectively. These binaries are often used for "living off the land" techniques during post-exploitation. In this tutorial, we will be exploring gtfo, a tool used to search these projects for abusable binaries right from the command line.

What Is Living Off the Land?

Living off the land is a method used by attackers that utilizes existing tools and features in the target environment to further the attack. Goals can include privilege... (Null Byte « WonderHowTo)

Comcast TV Remote Hack Opens Homes To Snooping

(News ≈ Packet Storm)

DHS Warns Emotet Malware Is One Of The Most Prevalent Threats Today

(News ≈ Packet Storm)

Chrome Can Now Find Hacked Passwords On Phones

(News ≈ Packet Storm)

Hackers Exploit Windows Error Reporting Service In New Fileless Attack

(News ≈ Packet Storm)

SiteCheck Malware Report: September Summary

Our free SiteCheck tool helps website owners remotely scan their website to detect malware infections, blacklisting status, website errors, and other anomalies. Scanning a website’s external HTML source code provides immediate results, without the need to install any software or applications to identify threats. In September alone, a total of 17,138,086 website scans were performed using SiteCheck. Of those scans, 178,299 infected sites were detected. While not as comprehensive as server-side scanners, users are able to instantly identify malicious code, find outdated software and plugins, and detect website security issues. Continue reading SiteCheck Malware Report: September Summary at Sucuri Blog. (Sucuri Blog)

A Handy Guide for Choosing a Managed Detection & Response (MDR) Service

Every company needs help with cybersecurity. No CISO ever said, "I have everything I need and am fully confident that our organization is fully protected against breaches." This is especially true for small and mid-sized enterprises that don't have the luxury of enormous cybersecurity budgets and a deep bench of cybersecurity experts. To address this issue, especially for small and mid-sized (The Hacker News)

ALERT! Hackers targeting IoT devices with a new P2P botnet malware

Cybersecurity researchers have taken the wraps off a new botnet hijacking Internet-connected smart devices in the wild to perform nefarious tasks, mostly DDoS attacks, and illicit cryptocurrency coin mining. Discovered by Qihoo 360's Netlab security team, the HEH Botnet — written in Go language and armed with a proprietary peer-to-peer (P2P) protocol, spreads via a brute-force attack of the (The Hacker News)

Feds Sound Alarm Over Emotet Attacks on State, Local Govs

CISA warned already-strained public-sector entities about disturbing spikes in Emotet phishing attacks aimed at municipalities. (Threatpost)

Google Rolls Out Fixes for High-Severity Android System Flaws

The most serious bugs are elevation-of-privilege issues in the Android System component (CVE-2020-0215 and CVE-2020-0416). (Threatpost)

BAHAMUT Spies-for-Hire Linked to Extensive Nation-State Activity

Researchers uncovered a sophisticated, incredibly well-resourced APT that has its fingers in wide-ranging espionage and disinformation campaigns. (Threatpost)

Google’s Chrome 86: Critical Payments Bug, Password Checker Among Security Notables

Google is rolling out 35 security fixes, and a new password feature, in Chrome 86 versions for Windows, Mac, Android and iOS users. (Threatpost)


/security-daily/ 08-10-2020 23:44:24